Hi there.
I've recently set up Xampp and CCTW 1.85 and was successful in
connecting it to my company's LDAP.
I was then able to enable HTTPS, and everything seemed fine.
I then checked the access logs under apache\logs, and found that the
username and passwords aren't encrypted in the GET command... whoops.
So I'm seeing a GET command like this:
(IP) - - [28/Jul/2010:14:09:04 +0000] "GET /itwiki/handle/loginFile.php?cctuser=(AD User)&cctpass=(userpass)&&nocache=0.32558464522304653 HTTP/1.1" 200 40 "https://itwiki/itwiki/helpdesk/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)"
Is there something I should have done to configure my apache not to
show it, or is this some problem with GET always being plaintext?
Is there some way I can make sure that the user/pass isn't being sent
via plaintext over the internet?
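
Added example, not part of the original post: HTTPS encrypts the request in transit, but Apache still writes the decrypted request line, query string included, to its access log. The Python code below scans access-log lines shaped like the one quoted above for credentials in the query string and redacts them. The sample lines, the user name and password values, and every parameter name other than cctpass are constructed or assumed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# "cctpass" is the parameter in the post's log line; the other names are
# assumed common ones, added for illustration.
SENSITIVE = {"cctpass", "password", "passwd", "pass", "pwd", "token"}

# Request field of an Apache common/combined log entry: "METHOD target PROTO".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines (documentation IP, made-up user and password).
SAMPLE = [
    '192.0.2.10 - - [28/Jul/2010:14:09:04 +0000] "GET /itwiki/handle/loginFile.php'
    '?cctuser=jdoe&cctpass=S3cret%21&&nocache=0.325 HTTP/1.1" 200 40 '
    '"https://itwiki/itwiki/helpdesk/" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Jul/2010:14:09:05 +0000] "GET /itwiki/index.php?page=home '
    'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def find_leaks(line):
    """Return the sensitive parameter names found in the logged query string."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    pairs = parse_qsl(query, keep_blank_values=True)
    return [key for key, _ in pairs if key.lower() in SENSITIVE]


def redact(line):
    """Replace the values of sensitive parameters in the request field."""
    def fix_request(m):
        path, sep, query = m.group("target").partition("?")
        parts = []
        for pair in query.split("&"):  # keeps empty pairs such as "&&" intact
            key, eq, _ = pair.partition("=")
            hit = eq and key.lower() in SENSITIVE
            parts.append(key + "=[REDACTED]" if hit else pair)
        target = path + sep + "&".join(parts)
        return '"{} {} {}"'.format(m.group("method"), target, m.group("proto"))
    return REQUEST_RE.sub(fix_request, line, count=1)


if __name__ == "__main__":
    for entry in SAMPLE:
        print(find_leaks(entry), redact(entry))
```

Redaction only cleans log entries that already exist; the credentials stop reaching the log once the login request carries them in a POST body instead of the URL.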